A senior Biden administration official said on July 18 that the Chinese administration was using criminal contract hackers as part of a state-backed cyberattack on targets around the world.
Officials added that the administration’s highest intelligence agency, the Chinese Department of Homeland Security (MSS), is behind the deployment of these hackers. Its targets also include managed service providers, semiconductor companies, defense companies, universities, and healthcare institutions, according to the US Government’s Cybersecurity Advisory.
“These cyber operations support China’s long-term economic and military development goals,” the advisory explained.
The Chinese Communist Party (CCP) has developed various policies and industrial roadmaps with the goal of achieving “modernization of socialism” and becoming a “world leader in innovation” by 2035.
Part of the cyberattack is a ransomware operation that encrypts the victim’s data and makes it inaccessible to malicious attackers. The actor then demands a ransom in exchange for the decryption. Some private companies were asked to pay millions of dollars after being hit by China’s ransomware business, according to people familiar with the matter.
New revelations on China’s long track record of malicious cyber activity have garnered joint criticism from multiple countries, including the United Kingdom, Australia, Canada, Japan, New Zealand and Japan, as well as from the European Union and NATO.
“As long as these irresponsible and malicious cyber activities continue, all victims of the world will call on them and make it clear to China that network defense and cybersecurity will facilitate such coordination. “We are,” said a Biden administration official.
In response to China’s new cyber threat, authorities will work together with the Five Eyes countries, Japan, the EU and NATO to increase information sharing and diplomatic involvement, “strengthening the collective of cyber resilience and security cooperation. I explained. They expect more countries to participate in the cooperation in the coming weeks.
Biden officials explained that this is the first time NATO has publicly condemned China’s cyber activities as the transatlantic alliance has adopted a new one. Cyber defense policy In June. It states that cyber attacks on NATO member states are considered attacks on all member states and that measures will be considered accordingly.
Officials also said the Chinese administration was responsible for a cyberattack on Microsoft, alleging that a “malicious cyberattacker” belonging to MSS exploited and compromised a zero-day vulnerability in US tech giant Exchange Server software. He said he had “high confidence”. Tens of thousands of systems around the world.
In March, Microsoft announced that Hafnium, a country-sponsored hacking group operating in China, was responsible for hacking email and calendar servers.Estimates of security experts at the time At least 30,000 organizations It was hacked in the United States.
“We have expressed concern about both the Microsoft case and the Chinese case. [People’s Republic of China] Broader malicious cyber activities with senior Chinese government officials have revealed that China’s actions threaten the security, trust and stability of cyberspace, “said a senior US official.
“The United States and its allies and partners have not ruled out further actions to make China accountable.”
Beijing has previously rejected Microsoft’s claim, saying that businesses and the media should not make “unfounded accusations.”
Chinese cyber tactics
The Cyber Security Advisory outlined Beijing’s tactics and technologies and provided recommendations on how to enhance your computer system.
“By exposing China’s malicious activities to allies and partners, we continue our government efforts to inform and empower system owners and operators to act domestically and globally. “We will,” said a senior US official.
China’s state-owned cyber attackers are known to hide their identities through virtual private servers and use small office and home office (SOHO) broadband routers to evade detection.
According to the advisory, these actors “consistently scan the target network for critical and advanced vulnerabilities within days of the vulnerability being published.” They are Microsoft products, Apache, F5 Big-IP,and Pulse secure..
April, California-based cybersecurity company FireEye Published a report Chinese hackers say they have abused PulseSecure’s virtual private network to access government agencies and businesses in the United States and Europe. The hacker was suspected of working in China’s administration and was associated with APT5, one of China’s highly persistent threat groups.
The various Microsoft products covered include Microsoft 365, Outlook Web Access, and Exchange offline address books.
These attackers are also known to run spear phishing campaigns (sending infected emails containing malicious links or attachments) to control the victim’s device.
This advisory offers several mitigation options, including the use of network intrusion detection and prevention systems, and monitoring of common ports and protocols for command and control activities.